Government & Public Sector – Cybersecurity – Penetration Tester Senior Manager at EY – McLean, VA, USA, 22102

At EY, you’ll have the opportunity to build a career as unique as you are, with the global scale, support, inclusive culture and technology to help you become your best self. And we’re counting on your unique voice and perspective to make EY even better. Join us and build an exceptional experience for you and a better work environment for everyone. The exceptional EY experience. You can build it. EY is committed to high ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

From strategy to execution, Ernst& Young’s Government & Public Sector (“GPS”) practice provides a full range of advisory and audit services to help our federal, state, local, and education clients implement new ideas to achieve their mission outcomes. We deliver real change and measurable results through our diverse, high-performing teams, quality work at the highest professional levels, operational expertise across our global organization, and creative and bold ideas that drive innovation. We enable our government clients to achieve their missions to protect the nation and serve the people; enhance public safety; improve health care for our military, veterans, and civilians; deliver essential public services; and assist those in need. EY stands ready to help our government build a better working world.

The chance

Our cybersecurity professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team works together to plan, pursue, deliver and manage engagements to assess, enhance, build and in some cases execute integrated security operations for our clients.

We support you with career-long training and coaching to develop your skills. Because EY is a world-leading professional services firm, you’ll work with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Your main responsibilities

Our cybersecurity professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the latest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on various cybersecurity topics with key industry groups. The team regularly provides thought leadership and information exchanges through traditional and less conventional communication channels, such as speaking at conferences and publishing whitepapers.

As part of our Penetration Testing team, you will identify potential threats and vulnerabilities for operational environments. Projects here may include penetration testing and simulating physical breaches to identify vulnerabilities.

Our professionals work together to plan, execute, deliver and manage engagements to assess, improve, build and in some cases execute integrated security activities for our clients.

Skills and Traits for Success

Perform penetration testing for Internet, intranet, wireless, web applications, social engineering, and physical penetration testing.
Execute red team scenarios to identify gaps that impact organizations’ security.
Ability to work independently as well as lead a team of technical testers in penetration testing and red team assignments.
Provide technical leadership and advise junior team members on attack and penetration testing assignments.
Identify and exploit security vulnerabilities across a wide range of systems in a variety of situations.
Conduct an in-depth analysis of penetration testing results and prepare a report describing the findings, operational procedures, risks, and recommendations.
Conduct penetration testing projects using established methodology, tools, and rules of the game.
Explain complex technical security concepts to technical and non-technical audiences, including executives.

To be eligible for the position you must:

A bachelor’s degree and at least 8+ years of relevant work experience
Experience with manual attack and penetration testing
Experience with scripting/programming skills (e.g. Python, PowerShell, Java, Perl etc.).
Updated and familiar with the latest exploits and security trends
Experience in leading a technical team performing remote and on-site penetration testing within established guidelines.
Knowledge of performing network penetration testing that avoids detection and common alert thresholds on endpoints and security tools
Two of the following certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.
Willingness and flexibility to travel up to 60%, both domestically and internationally, to meet client needs.
Must be able to obtain and maintain a non-disclosure agreement or higher

Due to the nature of our work in government and the public sector, it may be necessary to perform work at client, EY and/or contractor locations. Our goal is to assign professionals to projects within a commuting distance of their work location office. In certain circumstances, travel outside of your work location may be required based on client and project needs. Candidates should be prepared to travel 20 – 30% or more.

Ideally you also have

A Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering or a related field with at least three years of relevant work experience or a Master’s degree and at least two years of relevant work experience in penetration testing including Internet, Intranet, Web Application Penetration Testing, Wireless, Social Engineering and Red Team Assessments
Knowledge of Windows, Linux, Unix and other major operating systems
Knowledge of the latest exploits, tactics, techniques and procedures (TTP), vulnerability remediation and security trends in cloud deployments
In-depth knowledge of TCP/IP network protocols
In-depth knowledge and experience with various Active Directory attack techniques
Understanding network security and popular attack vectors
Understanding Vulnerabilities in Web-Based Applications (OWASP Top 10)

What we are looking for

We are interested in intellectually curious individuals with a genuine passion for cybersecurity. With your specialization in attack and penetration testing, we will ask you to come up with innovative new ideas that can make a lasting difference not only to us, but to the entire industry. If you have the confidence in both your presentation and technical skills to become a leading expert, then this is the role for you.

What we offer

We offer a competitive compensation package where you are rewarded based on your performance and recognized for the value you bring to our company. In addition, our Total Rewards package includes medical and dental coverage, retirement and 401(k) plans, and a wide range of paid time off options. Our flexible vacation policy allows you to determine how much vacation time you need based on your own personal circumstances. You will also be provided with time off for designated EY paid holidays, winter/summer vacations, personal/family care, and other absences when necessary to support your physical, financial, and emotional well-being.

Continuous development: You develop the mindset and skills to deal with all challenges.
Success as you define it: We provide you with the tools and flexibility to make a meaningful impact your way.
Transformational Leadership: We give you the insights, coaching and confidence to be the leader the world needs.

What We Offer We offer a comprehensive compensation and benefits package where you will be rewarded based on your performance and recognized for the value you bring to the company. The base salary range for this role in all U.S. geographic locations is $168,900 – $386,100. The salary range for New York City Metro Area, Washington State, and California (excluding Sacramento) is $202,800 – $438,800. Individual salaries within these ranges are determined by a wide variety of factors including but not limited to education, experience, knowledge, skills, and geography. Additionally, our Total Rewards package includes medical and dental coverage, retirement and 401(k) plans, and a wide range of paid time off options. Join us in our team-led, leader-driven hybrid model. We expect most individuals in remote, client-facing roles to collaborate in person 40-60% of the time over the course of an assignment, project, or year. Our flexible vacation policy allows you to determine how much vacation time you need based on your own personal circumstances. You will also be provided with leave for designated EY paid holidays, winter/summer vacations, personal/family care, and other absences when necessary to support your physical, financial, and emotional well-being.

Continuous development: You develop the mindset and skills to deal with all challenges.
Success as you define it: We provide you with the tools and flexibility to make a meaningful impact your way.
Transformational Leadership: We give you the insights, coaching and confidence to be the leader the world needs.
A diverse and inclusive culture: You are accepted for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the above criteria, please contact us as soon as possible. EY exists to create a better working world, helping to create long-term value for clients, people and society, and building trust in the capital markets. Using data and technology, diverse EY teams in more than 150 countries deliver trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers to the complex problems facing our world today. EY is an equal opportunity employer and provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodations to qualified individuals with disabilities, including veterans with disabilities. If you have a disability and need assistance applying online or would like to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select option 2 for Candidate Questions, then select option 1 for Candidate Questions, and finally select option 2 for Candidates with a Question. You will be directed to the EY Talent Shared Services (TSS) Team. You may also email the TSS at [email protected].